I have never worked with bots but I have reversed/analysed a couple. I remember one specifically because of its "intelligence".
It all began when I was redirected through a Facebook link to a YouTube clone. The site had massive HTTP connections. I checked the requests with Tamper Data (Firefox addon) and there were 100+ connections from different IP addresses.
Thought this was interesting cuz I had never seen something like this before. Anyway, everywhere you clicked on the site the "download file" window popped up, and I downloaded the file.
I analysed the file while running it and the first thing it did was add some stuff to the MS registry. Then it installed a webserver in the windows/sys32 folder. After this the original file, the one you downloaded from the YouTube clone, erased itself.
I began sniffing the traffic from the webserver and found out that it sent requests to the YouTube clone site. I visited the site again and started Tamper Data and there was my IP. I was now one in the botnet.
Okay, so what was the point then? Why did I send requests to the site? I continued sniffing for a while to see what happened and found out that I was helping the botnet owner send out his install file. The same way some random infected computer transferred the bin file to me, I now transferred the file to some random visitor to the site.
I never finished the complete analysis, e.g. what harm my computer could do or what information the botnet owner could steal from me. But what I know is that the webserver also communicated with someone from another country (think it was Canada) and I think that Canadian computer controlled everything.
Sorry for the long text, just wanted to share.
And for off topic, I know a guy who reversed a bot so well that he ended up chatting with the owner on some mIRC channel.
